Next: 3 FCM Detailed Design
Up: 2 Design Description
Previous: 2.1 FCM
Contents
Subsections
2.2 SAM
The architecture of SAM has been based on a modified Model-View-Controller
(MVC) architecture [4], and Unified Modelling Language
(UML) has been used in the design process [8]. The traditional MVC
architecture consists of three modules, as shown in figure 2,
which form the title:
- The Controller module (responsible for receiving user input and
interacting with the user)
- The Model module (responsible for processing user data)
- The View module (responsible for display the processed data to the
user)
Note: The use of the term `module' in the design of SAM refers to a
grouping of classes, and is intended as a higher level description.
Figure 2:
Shows the traditional MVC architecture
|
|
After some small modifications as to be discussed in section
2.2.3,
this architecture turned out to be the simplest and hence the most reliable.
In particular, the View module caters for the variety of types of output that
SAM must be
able to perform. It was also believed to be the most efficient out of those
considered, hence it was chosen for SAM.
A modified Pipes and Filters architecture was also considered, where a
control module selected the filters from user input and then the data was read
and passed through each filter. Although this would provide a clear conceptual
framework, the overhead required in reading and parsing data at multiple
stages was significant.
An event based architecture was also considered, but only the GUI is naturally
event based; the rest of SAM focuses on data processing. Further, the event
queueing and handling system required by the GUI is already provided by a
typical widget set and windowing system, so a separate system to handle these
functions was not required. It was sufficient to use the MVC architecture with
an event based Controller module handling the GUI.
The Python language will be used to implement SAM. Python is an interpreted
high-level object-oriented language. It provides many useful libraries in its
standard distribution, which along with its object-oriented nature, allow for
greater reuse of existing code and code written for SAM. Being an interpreted
language, speed will be less than that of compiled languages such as C.
However, Python provides extensive facilities for interfacing with C code,
such that if speed proves to be a problem in a particular class, it can be
coded in another language, such as C.
2.2.3 Design Overview
Due to the many and varied analyses required of the SAM product, the
Model module has been decomposed into three separate modules, which are
called Logger, Model and Analysis: Logger is responsible for capturing packet
information over a network interface and dumping this to a file; Model is
responsible for parsing dump files; and Analysis is responsible for performing
various types of analysis on the data parsed by Model. This breakdown can be
seen in Figure 3. Note that all communication between modules
is now performed by Controller, as it is initiated by user input. The file
format chosen for network dumps is of NETLOG format, a format native to RAMI
which is defined later (see section 5.1).
This architecture has been chosen to separate the different phases of
the analysis, which are as follows:
- The data is collected, from the network, and placed into a log
file to be read at a later date.
- A log file is loaded into a table in memory, and all TCP
streams are identified and listed to the user, who then selects some to
be analysed.
- A table of data is processed in some way to produce another
table which represents a particular analysis.
- The new table of data is displayed as a table or graphically.
The MVC architecture as implemented in our architecture provides this
separation. This separation promotes reusability and extensibility, as
each module can be replaced with another - changing the input, analysis
or output.
Figure 3:
Shows the modified MVC architecture used for SAM, including
the decomposition of the model module into Logger, Model and Analysis
modules.
|
|
Each of the analysis and output modules have been developed as plugins. That
is, they are loaded by the program and make themselves available for their
task. However they can be added or removed without any modifications to the
program. This allows for easy extendibility. For example, if a new analysis is
required, a simple python module can be written, and when placed in the
correct directory, it will automatically become available within SAM.
The following sections detail each of the modules of the
architecture, and provide diagrams of further decomposition of these
modules into classes.
- Module Name:
- Controller
- Purpose:
- Handles the main GUI window of SAM, and controls the collection,
processing and display of data.
- Responsibilities:
- This module is responsible for:
- Displaying the main GUI on startup
- Allowing the user to perform a network log
- Allowing the user to select a network log file to load
- Allowing the user to select a data type/output type/stream
combination/analysis type for analysis
- Updating the progress bar
- Maintaining a list of available analysis and output types that can
be performed
- Passing control to the Logger module when the user wishes to
perform a network log
- Directing the Model module to load a network log file and
extract stream and data information from it when the
user wishes to load a file
- Directing the Model module to extract the data needed for
analysis when the user has chosen their analysis options
- Directing the Analysis module to perform analysis on
the data to be analysed
- Directing the Output module to display the outcome of the
analysis
- Selecting and deselecting all streams, as a shortcut
- Showing stream names as either IP addresses or domain names
- Displaying online help
- Exiting the program
- Collaboration:
- This module collaborates with:
- Logger
- Model
- Analysis
- Output
- SRS References:
- 3.2.1.1, 3.2.1.2, 3.2.1.3, 3.2.1.5, 3.2.1.6, 3.2.1.8,
3.2.1.9, 3.2.1.10, 4.3.4.4, 4.4, 4.3.4.5, 5.2.1, 5.2.3
The Controller module is decomposed into the classes as
shown in figure 4.
Figure 4:
Shows the class decomposition of the Controller module
|
|
- Module Name:
- Model
- Purpose:
- Provides an interface to abstract away the details of parsing of NETLOG and
STREAMSLOG files and the submodule decomposition.
- Responsibilities:
- This module is responsible for providing an interface for:
- Obtaining the list of fields and streams used in a NETLOG file and,
where used, the accompanying STREAMSLOG file.
- Parsing a NETLOG file for user specified fields and streams as given
by the calling module.
- Collaboration:
- This module collaborates with:
- SRS References:
- 3.2.1.1, 3.2.1.2, 3.2.1.5, 3.2.1.8, 5.2.3
The Model module is decomposed further into the
classes as show in Figure 5.
Figure 5:
Shows the class decomposition of the Model module
|
|
- Module Name:
- Analysis
- Purpose:
- This module performs the chosen analysis on a given table of data, and
produces another table of data which is an analysis of the initial table.
This new table is now ready to be graphed. The analysis
is performed by plug-in modules, which all register a function that gets
called when analysis needs to be done.
The module is actually a collection of plugins.
- Responsibilities:
- The Analysis module is responsible for:
- Performing the chosen analysis (Plot Data, Mean, Variance, Spectral
Analysis, Autocorrelation, CDF, PDF or any other plug-ins the user
has loaded in) on the table of data
- Prompting the user for any variables or options required by the
chosen analysis when requested by the Controller module
- Registering a plugin with the AnalysisPlugins object
- Collaboration:
- This module collaborates with:
- SRS References:
- 3.2.1.3, 3.2.1.4, 3.2.1.8, 4.3.3.2, 5.2.3
The Analysis module consists of the classes shown in Figure
6. Each of the plugins registers itself with the
AnalysisPluginsClass.
Figure 6:
Shows the class decomposition of the Analysis module
|
|
- Module Name:
- Logger
- Purpose:
- Based on user specified parameters, this module will dump information
about packets on the network over a given time to a file. This file will
later be read by other components of this program.
- Responsibilities:
- The Logger module is responsible for:
- Allowing the user to select the fields they wish to record for
packets passing over the network
- Allowing the user to specify a network interface to collect
packets from
- Allowing the user to begin and end a dump of network traffic
- Allowing the user to select a filename to dump the network log
to
- Allowing the user to specify how long the log will last, maximum
time being 24 hours.
- Allowing the user to specify the interval at which data is dumped, as
either:
- Number of Packets
After a certain number of packets have been collected since the last
dump, data about packets may be logged.
- Elapsed Time
After a certain amount of time has passed since the last dump, data
about the packets may be logged. Allowed time intervals are 100 ms,
and any multiple of 100 ms, up to 1 hour.
- Saving the data from a network dump to a log file, including a
summary of all TCP streams present in the log
- Collaboration:
- The Logger module collaborates with:
- SRS References:
- 3.2.1.9a, 3.2.1.9b, 3.2.1.9c, 3.2.1.9d, 3.2.1.9e,
5.2.3
The Logger module is decomposed into the classes as
shown in figure 7. Additionally, a Python module,
NetLogger, implemented in C, performs the low level logging task.
However, the GUI is handled by Python classes.
Figure 7:
Shows the class decomposition of the Logger module
|
|
- Module Name:
- Output
- Purpose:
- This module produces a graph either to the screen, to a postscript file, to a
table displayed on the screen, to a table written to a text file or outputs
gnuplot commands and data, to a file loadable by gnuplot. The
graph is produced from a table of data which must be provided. A GUI is
provided to select any parameters required. The module is actually composed of
a set of plugins which register with the OutputPlugins object.
- Responsibilities:
- The Output module is responsible for:
- Displaying a GUI for the user to select options for the type of
output they have chosen
- Displaying a graph of the table on screen. This graph may be made up
of lines, boxes, points or a combination.
- Saving a graph of the table to a postscript file
- Displaying the table of data on screen as a table
- Saving gnuplot commands and data to a file
- Saving the table of data to a file
- Registering as an output plugin with the OutputPlugins class
- Collaboration:
- The Output module collaborates with:
- SRS References:
- 3.2.1.6, 3.2.1.7, 3.2.1.8, 4.3.3.2, 5.2.2, 3.2.2.1,
5.2.3
The Output module is decomposed into the classes as shown in
figure 8. Each of the plugins registers itself with the
OutputPluginsClass.
Figure 8:
Shows the class decomposition of the Output module
|
|
Next: 3 FCM Detailed Design
Up: 2 Design Description
Previous: 2.1 FCM
Contents
![\includegraphics[width=8cm]{diagrams/modmvc}](img4.png)
![\includegraphics[width=5cm]{diagrams/mvc}](img3.png)
![\includegraphics[width=0.8\textwidth]{diagrams/control}](img5.png)
![\includegraphics[width=0.9\textwidth]{diagrams/model}](img6.png)
![\includegraphics[width=0.8\textwidth]{diagrams/analysis}](img7.png)
![\includegraphics[width=0.8\textwidth]{diagrams/logger}](img8.png)
![\includegraphics[width=0.7\textwidth]{diagrams/view}](img9.png)